VLSI implementation of a multi-mode turbo/LDPC decoder architecture

Flexible and reconfigurable architectures have gained wide popularity in the communications field. In particular, reconfigurable architectures for the physical layer are an attractive solution not only to switch among different coding modes but also to achieve interoperability. This work concentrates on the design of a reconfigurable architecture for both turbo and LDPC codes decoding. The novel contributions of this paper are: i) tackling the reconfiguration issue introducing a formal and systematic treatment that, to the best of our knowledge, was not previously addressed; ii) proposing a reconfigurable NoCbased turbo/LDPC decoder architecture and showing that wide flexibility can be achieved with a small complexity overhead. Obtained results show that dynamic switching between most of considered communication standards is possible without pausing the decoding activity. Moreover, post-layout results show that tailoring the proposed architecture to the WiMAX standard leads to an area occupation of 2.75 mm2 and a power consumption of 101.5 mW in the worst case

Fixed-point MAP decoding of channel codes

This paper describes the fixed-point model of the maximum a posteriori (MAP) decoding algorithm of turbo and low-density parity-check (LDPC) codes, the most advanced channel codes adopted by modern communication systems for forward error correction (FEC). Fixed-point models of the decoding algorithms are developed in a unified framework based on the use of the Bahl-Cocke-Jelinek-Raviv (BCJR) algorithm. This approach aims at bridging the gap toward the design of a universal, multistandard decoder of channel codes, capable of supporting the two classes of codes and having reduced requirements in terms of silicon area and power consumption and so suitable to mobile applications. The developed models allow the identification of key parameters such as dynamic range and number of bits, whose impact on the error correction performance of the algorithm is of pivotal importance for the definition of the architectural tradeoffs between complexity and performance. This is done by taking the turbo and LDPC codes of two recent communication standards such asWiMAX and 3GPP-LTE as a reference benchmark for a mobile scenario and by analyzing their performance over additive white Gaussian noise (AWGN) channel for different values of the fixed-point parameters

Towards large-scale and collaborative spectrum monitoring systems using IoT devices

Mención Internacional en el título de doctorThe Electromagnetic (EM) spectrum is well regulated by frequency assignment authorities, national regulatory agencies and the International Communication Union (ITU). Nowadays more and more devices such as mobile phones and Internet-of-Things (IoT) sensors make use of wireless communication. Additionally we need a more efficient use and a better understanding of the EM space to allocate and manage efficiently all communications. Governments and telecommunication operators perform spectrum measurements using expensive and bulky equipments scheduling very specific and limited spectrum campaigns. However, this approach does not scale as it can not allow to widely scan and analyze the spectrum 24/7 in real time due to the high cost of the large deployment. A pervasive deployment of spectrum sensors is required to solve this problem, allowing to monitor and analyze the EM radio waves in real time, across all possible frequencies, and physical locations. This thesis presents ElectroSense, a crowdsourcing and collaborative system that enables large scale deployments using Internet-of-Things (IoT) spectrum sensors to collect EM spectrum data which is analyzed in a big data infrastructure. The ElectroSense platform seeks a more efficient, safe and reliable real-time monitoring of the EM space by improving the accessibility and the democratization of spectrum data for the scientific community, stakeholders and the general public. In this work, we first present the ElectroSense architecture, and the design challenges that must be faced to attract a large community of users and all potential stakeholders. It is envisioned that a large number of sensors deployed in ElectroSense will be at affordable cost, supported by more powerful spectrum sensors when possible. Although low-cost Radio Frequency (RF) sensors have an acceptable performance for measuring the EM spectrum, they present several drawbacks (e.g. frequency range, Analog-to-Digital Converter (ADC), maximum sampling rate, etc.) that can negatively affect the quality of collected spectrum data as well as the applications of interest for the community. In order to counteract the above-mentioned limitations, we propose to exploit the fact that a dense network of spectrum sensors will be in range of the same transmitter(s). We envision to exploit this idea to enable smart collaborative algorithms among IoT RF sensors. In this thesis we identify the main research challenges to enable smart collaborative algorithms among low-cost RF sensors. We explore different crowdsourcing and collaborative scenarios where low-cost spectrum sensors work together in a distributed manner. First, we propose a fast and precise frequency offset estimation method for lowcost spectrum receivers that makes use of Long Term Evolution (LTE) signals broadcasted by the base stations. Second, we propose a novel, fast and precise Time-of-Arrival (ToA) estimation method for aircraft signals using low-cost IoT spectrum sensors that can achieve sub-nanosecond precision. Third, we propose a collaborative time division approach among sensors for sensing the spectrum in order to reduce the network uplink bandwidth for each spectrum sensor. By last, we present a methodology to enable the signal reconstruction in the backend. By multiplexing in frequency a certain number of non-coherent low-cost spectrum sensors, we are able to cover a signal bandwidth that would not otherwise be possible using a single receiver. At the time of writing we are the first looking at the problem of collaborative signal reconstruction and decoding using In-phase & Quadrature (I/Q) data received from low-cost RF sensors. Our results reported in this thesis and obtained from the experiments made in real scenarios, suggest that it is feasible to enable collaborative spectrum monitoring strategies and signal decoding using commodity hardware as RF sensing sensors.Programa de Doctorado en Ingeniería Telemática por la Universidad Carlos III de MadridPresidente: Bozidar Radunovic.- Secretario: Paolo Casari.- Vocal: Fco. Javier Escribano Aparici

On chip interconnects for multiprocessor turbo decoding architectures

International audienc

BaseSAFE: Baseband SAnitized Fuzzing through Emulation

Rogue base stations are an effective attack vector. Cellular basebands represent a critical part of the smartphone's security: they parse large amounts of data even before authentication. They can, therefore, grant an attacker a very stealthy way to gather information about calls placed and even to escalate to the main operating system, over-the-air. In this paper, we discuss a novel cellular fuzzing framework that aims to help security researchers find critical bugs in cellular basebands and similar embedded systems. BaseSAFE allows partial rehosting of cellular basebands for fast instrumented fuzzing off-device, even for closed-source firmware blobs. BaseSAFE's sanitizing drop-in allocator, enables spotting heap-based buffer-overflows quickly. Using our proof-of-concept harness, we fuzzed various parsers of the Nucleus RTOS-based MediaTek cellular baseband that are accessible from rogue base stations. The emulator instrumentation is highly optimized, reaching hundreds of executions per second on each core for our complex test case, around 15k test-cases per second in total. Furthermore, we discuss attack vectors for baseband modems. To the best of our knowledge, this is the first use of emulation-based fuzzing for security testing of commercial cellular basebands. Most of the tooling and approaches of BaseSAFE are also applicable for other low-level kernels and firmware. Using BaseSAFE, we were able to find memory corruptions including heap out-of-bounds writes using our proof-of-concept fuzzing harness in the MediaTek cellular baseband. BaseSAFE, the harness, and a large collection of LTE signaling message test cases will be released open-source upon publication of this paper